On Fri, Oct 24, 1997 at 02:42:19PM +0100, Adam Back wrote:
Kent Crispin <kent@bywater.songbird.com> writes:
It may be less obvious, but despite what PGP claims, a significant fraction of this demand is for the ability to SNOOP, and not just data recovery.
I was suspicious about this also, the CMR design makes much more sense if this is the user requirement. Binding cryptography also would make sense for this requirement.
But the last time I expressed this suspicion on this list Jon Callas clearly stated that this was not the case:
Jon Callas <jon@pgp.com> writes: : It is possible that : there is an unstated perceived user requirement, that the messaging : standard be able to allow third party access to the communications : traffic directly. : : Nope, that's not what we're arguing for.
So it would appear that your suspicious are unfounded...
Jon's statement and my statement are consistent, if you look a little more closely.
*All* the debate on this list implicitly takes the employee's side, not the management's side, and that is a serious lack. The unpleasant fact is that managers NEED TO BE ABLE TO SNOOP.
Okay! Some one who is able to say the unpleasant words. (I think Lucky may have been hinting at this also).
If this is the case, I reckon it's still better to just escrow their comms keys locally.
In my early days on the list I spent a great deal of effort arguing exactly this point, perhaps even with you. Perhaps you recall my discussions of the "key-safe" model. (I suppose we could check the archives...) At that time, however, my proposal was branded as key escrow and hence evil, and the STANDARD REPLY WAS THAT IT WOULD BE FAR, FAR BETTER TO JUST ENCRYPT TO A COMPANY KEY AS WELL AS THE PRIVATE KEY. *You* may even have made such arguments. Now that PGP has actually gone and implemented exactly what some months ago was the preferred alternative, the jack-rabbit meme-ridden collective cypherpunk semiconciousness awakens from its hazy stupor and says "Huh! GAK!", and parades Key Escrow as a safer solution. So, for sure, either the thinking those months ago was shallow, or the thinking now is shallow. The third alternative, that the thinking has remained at a constant level, is interesting to contemplate.
Put them all in the company safe, whatever. To go with this kind of a company with this kind of policy, I would presume that sending or receiving super-encrypted messages would would be a sackable offense.
However, there is an alternate reason for the CMR design, which you don't include above (tho' you did I think discuss this earlier):
That PGP Inc thought CMR would be easier to implement within their plugin API, and dual function crypto (file encryption, and email encryption), and to cope with things like encrypt-to-self on Cc: to self to keep copies.
Yes, I did mention the matters of history, backward compatibility, and expedience under tight schedules as important factors.
It is terrible to work for an employer who will snoop, but it is just as terrible to have dishonest employees. It doesn't take a genius to realize that the existence of dishonest employees is a primary motive for management snooping.
Even with snoopware such as you describe, and companies with such attitudes, there are other similarly easy ways to get data out: user walks out of building with floppies. In fact from memory I think this was one you suggested: "frisbee DAT tape out of window to sweetheart" or words to that effect.
I don't remember saying that, but the point is obvious, anyway. The argument that leaking company secrets is the primary concern is fallacious for exactly the reason you mention -- there are a thousand ways to leak data out. There are other, more realistic concerns. Is the employee exchanging encoded gif images with his friends? Is the employee telling the truth about an exchange with a customer? Is the employee spending all his time reading mailing lists devoted to home-brew-beer, and other hobbies? Is the employee distributing porno images from an ftp site on a company computer? Is the employee running a consulting business on the company computers? For investigating any such suspicions, snooping incoming mail would be just as valuable as snooping outgoing mail. BTW: You may laugh -- But I have seen real-life instances of each of these examples.
Clearly, there are some organizations for which this is more important than others -- financial services companies are only the most obvious example.
Maybe. If PGP Inc want to go this far, and design software with these features, I reckon local key escrow is better.
I reckon local key escrow is better, myself. But be real for a moment, Adam. If they had designed a system with "local key escrow" they would have been crucified by the butterfly brains on cypherpunks far more intently than they are being lambasted for CMR. The very phrase "KEY ESCROW IN PGP" would have turned the cypherpunk group mind into quivering jelly.
However that is not what they are saying.
It doesn't matter what they are saying, really. They designed something with a set of constraints, one of which was the meme of antipathy to anything that could be termed "key escrow". I understand what Lucky meant when he said that PGP had pulled the greatest hack ever on corporate America. It's so good that you have to conceal your mirth, for fear of screwing it up... -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html